Accompanying me on the webinar was Rebecca Perry of Jordan Lawrence. Rebecca talked about how organizations can find and identify the most crucial information that they need to secure. The main types of information she identified were customer information (credit card numbers, for instance), employee information, intellectual property, medical information such as drug screening, and personal data such as SSN. Most companies are surprised to find that they have tens to hundreds of violations daily as this type of information leaves on laptops, emails, thumb drives, or through other means.
We did four surveys during the session, the most interesting one to me was what kind of information was most critical to protect. Overwhelmingly our audience said customer information. This is the information that causes the most exposure, and costs the most money when it is leaked or lost. Rebecca had some great figures – the typical data breach costs a company $4.8 million, and companies see stocks fall and average of 1% to 4% the day after a breach is reported.
The Information Rights Management use cases I covered were:
- Control who can view, print or copy information out of a document
- Effectively delete a remote document by deleting the encryption key on your server. This also has document retention/e-discovery benefits.
- Ensure employees, customer and partners are using up-to-date information by forcing updated content when their rights are checked
- Audit usage of content, such as when an partner viewed or printed a document
- Perform clawback of content that has been conveyed to opposing counsel improperly.
The other interesting survey result was the distribution of responsibility for creating security policies – IT 33% Legal 30% but company executives surprised me at 19%. It’s interesting to see this problem getting visibility across organizations.
You can hear the event here.